Embed URL

HTTPS clone URL

Subversion checkout URL

Openstack

Okay, so here is the thing. Yeah, some of the folks who have started companies around Openstack have tried to put on the mantle of being the open-est of open clouds. It's a silly argument (reference the Eucalyptus guys open sourcing the whole thing from the beginning, or any number of smaller projects that have existed for a long time.) Other folks have done the same (We're more open because we're part of the apache foundation. We're more open because we're AGPL. The list goes on.)

It's marketing rhetoric, it's tiresome, and it's actively subversive to what should be a delightful community of cheerfully competitive peers. But hey, it is what it is.

License Choice

Businesses that create open source software get to choose the terms under which their software, and as a side effect, their communities, evolve. The first thing that impacts this is the choice of license for the software itself. I've been pretty vocal about my personal beliefs here, and advocated for them at Opscode. In general terms:

You can choose a weak-copyleft license. This will let anyone do basically anything with your code. (MIT, Apache)

You can choose a strong copyleft license. This will ensure that anyone who receives a copy of your software also has access to the source code, and that derivative works are also licensed the same way.

Openstack chose the Apache License

The side effect here is that many commercial entities can take that code, and be assured that they can do what they need to do with it to make money, in whatever way they see fit. They are under no obligations, other than community and social pressure, to release any code back to the community at all.

Now, that's a dumb move, because Open Source tends to remember who contributes and who simply exists to profit from the work of others. Eventually, it outs.

So what actually tends to happen is that many competing commercial entities come together to work around, and productize, that code-base. The core code base usually remains directly totally free - when it is threatened to be otherwise, the community forks. (Hudson/Jenkins)

How do you commercialize it then?

The most typical pattern for commercializing Open Source software is to bundle a suite of software together into a distribution. The ones you are most familiar with are Linux distros - the IP contained in the distribution is in fact the mechanism by which it is assembled into binaries and distributed. This distribution is typically not considered a derivative work of the software itself - you haven't really changed the underlying software, you've just bundled it up and stuck it in an RPM, an ISO, or a USB stick.

That resulting distribution also has a license. Typically a commercial one, that has terms of use and other clauses attached. That's because it's where the commercial entity has added value - they've taken what was a smattering of independent software and made it "easy" and "accessible". (Plenty of linux distributions make this part also free, or even make the code that creates the distributions free, etc. etc ad-nauseum)

So, when you "Buy" a Red Hat license, what you are buying is the license to use those particular compiled bits in your environment. You are also buying things like upgrades, and support. CentOS exists because it has taken the software stack red hat sells, and re-built it for you - so the resulting distribution is free of these encumbrances.

Back to Openstack

So, off the top of my head, there are a bunch of OpenStack participants who want to be private cloud vendors. Rackspace, Piston, Nebula, and many more. Each one of them is, at least, going to create a proprietary "version" of Openstack - a bundled distribution. These proprietary bundles may, or may not, include proprietary software in addition to the core Openstack software. They may or may not include proprietary extensions to the existing open stack software.

What they will all absolutely, positively do, is take those commercial (or commercially intended) distributions and slap a commercial license on them. Because if they didn't, they would suddenly have no differentiation what-so-ever from the rest of the crowd. They would also have no place to insert the commercial terms of use that are part of the customer relationship you have with every vendor ever in the history of legal documents.

One example here is the terms under which that use can be rescinded, and it's what started the twitter kerfuffle. Commercial products have these. Open Source software generally does not (although some, like the Apache License and the GPLv3, do have some clauses that revoke your right to use the software if you instigate patent litigation against the software.)

This is why they can sell you something, and you want to buy it. It's what they sell.

My point about this not being surprising was really this. It's not surprising. It's exactly the way that the vast majority of us have been consuming OSS from the first time we installed Red Hat 4.2. There are folks who have a different point of view about this - those folks look like Debian, who are have a very different commitment to their consumers.

Simon has a point

Because Openstack is Apache licensed, it's entirely possible that the vendor has done more than just wrap up the software and distribute it to you. They are under no, 0, zip, zilch, nada requirements to release the source to you. They don't even have to tell you they did it - they have to tell you they used it - but not that they changed it. They should do it, because doing so is part of what it means to be a good open source citizen.

So when you combine that with the EULAs, without more clarification, it is hard to know what will (or won't) stop working if the termination clauses are invoked.

What you do know, with almost 100% certainty, is that you have might have to stop using the moral equivalent of the install media. You might also have to stop using the software itself. Read the EULA to know.

Don't be surprised, though

Because this is how it's always been. We just forget, because the number of times we look under the covers at the legal agreements for the software we use rapidly approaches 0 given long enough in the industry. :)

And, as an aside - what makes one or the other of these companies less "open" than the other is what they do with Openstack itself. How much are they giving back? How much are they holding back? Are they good stewards?